The year 2018 ended on a bitter note for Facebook when an extraordinary chain of events led to the U.K. Parliament getting hold of a treasure trove of internal Facebook documents. The documents shed light on conversations between executives on how to monetize Facebook users’ data. The executives also discussed third-party access to Facebook users’ data, which is at the root of the Cambridge Analytica scandal.
This post will focus on how the U.K. Parliament was able to gain access to the documents, rather than what the documents contain – although we will briefly touch on that too.
November 2018 saw British MP Damian Collins invoke a rare parliamentary mechanism to compel Ted Kramer, the founder of a former U.S. startup, to hand over highly confidential Facebook documents to the U.K. Parliament.
Damian Collins is chair of the Digital, Culture, Media and Sport select committee (DCMS), which is investigating disinformation and fake news. The attorneys of Six4Three, the U.S. startup involved in the incident, obtained the documents during the discovery process of a court action that Six4Three is holding against Facebook.
A U.K. journalist in touch with the Six4Three founder and aware of the DCMS investigation put the two men in touch. Kramer revealed to Collins that he was in possession of internal Facebook documents concerning the handling of user data by third-party apps. Aware that the files might help the DCMS investigation, Collins asked Kramer to share the documents with him. Kramer refused to comply, as the documents were under seal by the California court of law.
After repeated requests for the documents, the DCMS resorted to using an archaic parliamentary maneuver to force Kramer to hand over the documents while Kramer was in London for a business trip in November, sending a serjeant-at-arms to Kramer’s hotel to give Kramer a final warning and a two-hour deadline to comply.
Fearful of the consequences of not complying – which according to British law could lead to jail time or hefty fines – Kramer presented himself to the DCMS committee and handed over the documents on a USB stick. As he stated himself in a declaration for the California court of San Mateo:
I opened my computer, took out a USB drive, and went onto the local Dropbox folder synced to my computer … I identified a small number of files by filename and transferred them to the USB drive.
What do the events mean?
The unusual chain of events raises some serious questions, particularly concerning the validity of a U.S. ruling in the U.K. Asked about the legitimacy of the DCMS’s actions, Damian Collins responded in a letter to Facebook Vice President of Policy Solutions Richard Allan:
The House of Commons has the power to order the production of documents within the UK jurisdiction, and a committee of the House can publish such documents if it chooses to, with the protection of parliamentary privilege.
By stating that the files were stored in a “local Dropbox folder synced” to his computer, it appears that the files were indeed in the U.K. and, as such, under U.K. jurisdiction.
The extreme measures undertaken by the U.K. Parliament to gain access to the documents also show how reluctant Facebook is to cooperate with the U.K. parliamentary investigation. Indeed, Mark Zuckerberg continues to turn down invitations to appear in front of the DCMS and answer questions related to the Cambridge Analytica scandal.
Investigations such as the one led by the DCMS show that legislators are finally catching up to big technology companies. We expect to see tighter regulations put forward in the upcoming months to regulate tech companies and hold them accountable for their actions.
The archaic law that allowed for the seizure of the Facebook documents has now created a precedent for entities wanting to share documents under seal by U.S. or other foreign courts. While the legitimacy of the process is still up for debate, it might not be long until we see more cases like the one described here.
You can read the documents published by the DCMS here.
Who we are
The Threat Intelligence -Team helps clients to reduce the threat posed by adversaries to their networks by leveraging the power of collaborative defense in combination with comprehensive analytics and contextualized threat intelligence. DCSO delivers actionable intelligence on all levels – from atomic Indicators of Compromise (IoC) to insights into the political, economic and cultural context of adversaries.